Individual Client Message Count Alerting


#1

Hello,
I have my DNS servers logging to Graylog. One use case I’d like to use Graylog for is to detect someone abusing the DNS servers. Let’s say a broken client keeps banging away at the DNS or even DHCP servers. I would use the message count alert condition, but how would I alert on an individual client creating these messages? I guess the same would be true for switchport link flapping. Message count alert condition and somehow identifying the individual client.

Any ideas?

Thanks!


(Philipp Ruland) #2

Heyo @burd
There is a plugin for your use case :)

Greetings,
Philipp


#3

Thank you, I’ll check it out!
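
The per-client counting asked about in this thread, as an added example (not from the thread and not the plugin's code): it groups DNS query log lines by client IP and flags any client whose message count inside a sliding time window exceeds a threshold. The log line format, function names, addresses and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) line shape, not a real server's exact format:
#   "<ISO timestamp> client <ip>#<port> query: <name> IN <type>"
LINE_RE = re.compile(r"^(?P<ts>\S+) client (?P<ip>[0-9a-fA-F.:]+)#\d+ query: ")

def noisy_clients(lines, threshold, window_seconds):
    """Return {client_ip: peak_count} for every client that sent more than
    `threshold` messages within any `window_seconds` span.
    Lines are expected in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # client ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query record; ignore
        ip = m.group("ip")
        ts = datetime.fromisoformat(m.group("ts"))
        q = recent[ip]
        q.append(ts)
        # Drop this client's timestamps that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one chatty client and one normal client."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):          # 10.0.0.5: one query per second for 30 s
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} client 10.0.0.5#40000 query: example.test IN A")
    for i in range(0, 60, 20):   # 10.0.0.9: one query every 20 s
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} client 10.0.0.9#40001 query: example.test IN A")
    lines.sort()                 # ISO timestamps sort chronologically
    return lines

if __name__ == "__main__":
    for ip, peak in noisy_clients(sample_log(), threshold=5, window_seconds=10).items():
        print(f"ALERT client={ip} peak={peak} messages in 10s")
```

A plain stream-wide message count over the same sample would also cross the threshold, but it would not say which client was responsible; keying the window on the client field is what identifies it.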

